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DETAILED ACTION 

1 . Claims 1 - 63 have been presented for examination. Claim 2, 8, 1 8, 1 9, 23, 37, 
38, 42, 43 and 45 - 63 have been cancelled and claims 1 , 22 and 44 have been 
amended in an amendment filed 8/21/2006. The amendment filed have been entered 
and made of record. Presently, pending claims are 1 , 3 - 7, 9 - 22, 24 - 36, 39, 40 and 
44. 

Response to Arguments 

2. ' Applicant's arguments with respect to the subject matter of the instant claims 
have been fully considered but are not persuasive. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraph of 35 U.S.C. 102 that 
forms the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

3. Claims 1 , 6, 9 - 1 4, 16, 20, 22, 27, 29 - 33, 35 and 39 are rejected under 35 
U.S.C. 102(e) as being anticipated by Bare (U.S. Patent 6389532). 
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As per claim 1 and 22, Bare teaches a method for limiting the impact of 
undesirable behavior of computers on a network through which packets of data are 
interchanged between the computers, comprising: 

monitoring the network for any patterns of behavior (Bare: Column 1 1 Line 42 - 
44, Column 1 2 Line 5 - 7 and Column 1 2 Line 52 - 60); 

determining, upon discovering that one or more of the patterns of behavior is 
undesirable, a type of the undesirable pattern of behavior (Bare: Column 12 Line 52 - 
60 and Column 4 Line 60 - 63); 

determining a proper action for mitigating that type of undesirable behavior, the 
proper action including preventing dissemination through the network of packets 
associated with the undesirable behavior and allowing dissemination of packets not 
associated with the undesirable (Bare: Column 12 Line 56 - 60 and Column 4 Line 60 - 
63). 

wherein preventing dissemination comprises at least one of changing a routing 
table, changing a forwarding table, turning off at least one port of a forwarding device, 
filtering on Internet Protocol (IP) addresses, and filtering on media access control (MAC) 
addresses (Bare: Column 1 2 Line 56 - 60 and Column 4 Line 60 - 63). 

wherein a discovery, including that of a network topology, facilitates the network 
monitoring and type of undesirable behavior determination (Bare: Column 1 1 Line 42 - 
44, Column 12 Line 5 - 7 and Column 12 Line 52 - 60), 
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As per claim 6 and 27, Bass teaches the undesirable pattern of behavior is any 
network pathology characterized as a broadcast storm or an address resolution protocol 
(ARP) fight (Bare: Column 1 1 Line 42 - 44, Column 12 Line 5 - 7 and Column 12 Line 
52 - 60). 

As per claim 29, Bare teaches preventing the dissemination of the undesirable 
pattern of behavior includes discarding the packets associated with such behavior, 
isolating any of the computers at which such behavior originates, or isolating any 
network segments at which such behavior originates (Bare: Column 12 Line 56 - 60 
and Column 4 Line 60 - 63). 

As per claim 9, Bare teaches wherein the monitoring includes recovering a 
topology of the network using information obtained through a network management 
protocol interface (Bare: Column 4 Line 52 - 63). 

As per claim 1 0, Bare does not disclose expressly the network management 
protocol is the simple network management protocol (SNMP). However, Official Notice 
is taken that the use of SNMP is one of the most widely used methods in the field for 
network management protocol. 

As per claim 1 1 and 31 , Bare teaches the undesirable pattern of behavior is a 
broadcast storm, and wherein the monitoring includes learning a topology of the 
network from a forwarding database or table of a forwarding device in the network 
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(Bare: Column 1 1 Line 42 - 44, Column 1 2 Line 5-7, Column 4 Line 52 - 63 and 
Column 12 Line 52-60). 

As per claim 12 and 33, Bare teaches the network is a shared data network 
(Bare: Figure 1). 

As per claim 13, 14 and 32, Bare teaches the network is a switched Ethernet 
network and the forwarding device is a switch (Bare: Column 12 Line 52 - 60). 

As per claim 16 and 35, Bare teaches teaches the proper action includes alerting 
a system administrator about the existence of the undesirable pattern of behavior (Bare: 
Column 58 Line 1 -4). 

As per claim 20 and 39, Bare teaches understanding the network topology 
facilitates disablement of ports in forwarding devices that connect to offending 
computers (Bare: Column 1 1 Line 42 - 44, Column 1 2 Line 5-7, Column 4 Line 52 - 
63 and Column 1 2 Line 52 - 60). 

As per claim 30, claim 30 encompasses the similar scope as described in claim 9 
and 10. Therefore, see same rationale addressed above in rejecting claim 9 and 10. 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

4. Claims 1 , 7 and 28 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Gupta et al. (U.S. Patent 6389532), in view of Bare (U.S. Patent 6389532). 

As per claim 1 , Gupta teaches a method for limiting the impact of undesirable 
behavior of computers on a network through which packets of data are interchanged 
between the computers, comprising: 

monitoring the network for any patterns of behavior (Gupta: Column 7 Line 28 - 

38); 

determining, upon discovering that one or more of the patterns of behavior is 
undesirable, a type of the undesirable pattern of behavior (Gupta: Column 7 Line 28 - 
38: denial of service attacks); 

determining a proper action for mitigating that type of undesirable behavior, the 
proper action including preventing dissemination through the network of packets 
associated with the undesirable behavior and allowing dissemination of packets not 
associated with the undesirable (Gupta: Column 7 Line 39 - 47). 
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wherein preventing dissemination comprises at least one of changing a routing 
table, changing a forwarding table, turning off at least one port of a forwarding device, 
filtering on Internet Protocol (IP) addresses, and filtering on media access control (MAC) 
addresses (Gupta: Column 7 Line 39 - 47). 

However, Gupta does not teach a discovery, including that of a network topology, 
facilitates the network monitoring and type of undesirable behavior determination. 

Bare teaches a discovery, including that of a network topology, facilitates the 
network monitoring and type of undesirable behavior determination (Bare: Column 1 1 
Line 42 - 44, Column 12 Line 5 - 7 and Column 12 Line 52 - 60). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Bare within the system of Gupta 
because (a) Gupta teaches identifying the network undesirable behavior that may cause 
network failures and (b) Bare teaches providing a mechanism for dynamically managing 
the topology of a data network to improve the network performance as well as 
eliminating loops that could lead to broadcast storms essentially crippling network 
performance and causing network failures (Bare: Column 4 Line 60 - 63). 

As per claim 7 and 28, Gupta teaches the undesirable pattern of behavior 
includes any one or more of a stolen Internet protocol (IP) address, a stolen media 
access control (MAC) address, a malformed packet, too many packets directed to an 
overloaded server, too many probe packets directed to a firewall or too many ARP 
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request packets (Gupta: Column 7 Line 36 
packets directed to an overloaded server). 
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- 38: denial of service - i.e. too many 



5. Claims 1 , 7 and 28 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Redlich (U.S. Patent 6591306), in view of Bare (U.S. Patent 6389532). 

As per claim 1 and 22, Redlich teaches a method for limiting the impact of 
undesirable behavior of computers on a network through which packets of data are 
interchanged between the computers, comprising: 

monitoring the network for any patterns of behavior (Redlich: Column 18 Line 6 - 
15: duplicate IP address); 

determining, upon discovering that one or more of the patterns of behavior is 
undesirable, a type of the undesirable pattern of behavior (Redlich: Column 18 Line 6 - 
15); 

determining a proper action for mitigating that type of undesirable behavior, the 
proper action including preventing dissemination through the network of packets 
associated with the undesirable behavior and allowing dissemination of packets not 
associated with the undesirable (Redlich: Column 18 Line 6-15). 

wherein preventing dissemination comprises at least one of changing a routing 
table, changing a forwarding table, turning off at least one port of a forwarding device, 
filtering on Internet Protocol (IP) addresses, and filtering on media access control (MAC) 
addresses (Redlich: Column 18 Line 6-15). 
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However, Redlich does not teach a discovery, including that of a network 
topology, facilitates the network monitoring and type of undesirable behavior 
determination. 

Bare teaches a discovery, including that of a network topology, facilitates the 
network monitoring and type of undesirable behavior determination (Bare: Column 1 1 
Line 42 - 44, Column 1 2 Line 5 - 7 and Column 1 2 Line 52 - 60). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Bare within the system of Redlich 
because (a) Redlich teaches identifying the network undesirable behavior that may 
cause network failures and (b) Bare teaches providing a mechanism for dynamically 
managing the topology of a data network to improve the network performance as well 
as eliminating loops that could lead to broadcast storms essentially crippling network 
performance and causing network failures (Bare: Column 4 Line 60 - 63). 

As per claim 7 and 28, Redlich teaches the undesirable pattern of behavior 
includes any one or more of a stolen Internet protocol (IP) address, a stolen media 
access control (MAC) address, a malformed packet, too many packets directed to an 
overloaded server, too many probe packets directed to a firewall or too many ARP 
request packets (Redlich: Column 18 Line 6 - 15: a stolen Internet protocol (IP) 
address). 
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As per claim 15 and 34, Redlich teaches the undesirable pattern of behavior is 
too many ARP requests and wherein the monitoring includes verifying stability and lack 
of conflicts in an IP or MAC address mapping (Redlich: Column 18 Line 6-15). 

As per claim 17 and 36, Redlich teaches the undesirable pattern of behavior is a 
simultaneous use of a network address, and wherein the proper action includes 
disabling any address associated to the network address that contradicts an address list 
in a network server or disabling any associated address that is not included in a list of 
addresses that are allowed to map to the network address (Redlich: Column 18 Line 6 - 
15). 



6. Claims 3-4 and 24 - 25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bare (U.S. Patent 6389532), in view of Rodeheffer (U.S. Patent 
5260945). 

As per claim 3. and 24, Bare does not disclose expressly the dissemination 
through the network of packets associated with the undesirable behavior is prevented 
for a time period that is lengthened gradually as long as the undesirable behavior 
continues or intermittently reappears, the time period being gradually shortened if the 
undesirable behavior stops for a predetermined time. 

Rodeheffer teaches the dissemination through the network of packets associated 
with the undesirable behavior is prevented for a time period that is lengthened gradually 
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as long as the undesirable behavior continues or intermittently reappears, the time 
period being gradually shortened if the undesirable behavior stops for a predetermined 
time (Rodeheffer: see for example, Column 1 Line 42 - 48, Column 2 Line 9 - 45, 
Column 3 Line 21 - 26 and Column 7 Line 1 - 42). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Rodeheffer within the system of Bare 
because (a) Bare teaches identifying the network undesirable behavior that may cause 
network failures and (b) Rodeheffer teaches providing for an optimized recovery time 
period of network failures that can minimize the disruption time based upon the 
information records of failure recovery history (Rodeheffer: see for example, Column 1 
Line 1 3 - 1 6 and Column 2 Line 34 - 45). 

As per claim 4 and 25, Bare as modified teaches the time period corresponds to 
a skepticism level that depends on a history of the undesirable pattern of behavior, a 
skepticism level zero (0) denoting a good history (Rodeheffer: see for example, Column 
3 Line 20 - 26 and Column 5 Line 62 - 67). 

7. Claims 5 and 26 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bare (U.S. Patent 6389532), in view of Bass et al. (U.S. Patent 6185185). 
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As per claim 5 and 26, Bare does not disclose expressly the undesirable pattern 
of behavior is characterized in that it matches behavior defined by a network 
administrator as notable or undesirable. 

Bass teaches the undesirable pattern of behavior is characterized in that it 
matches behavior defined by a network administrator as notable or undesirable (Bass: 
see for example, Column 3 Line 45). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Bass within the system of Bare because 
(a) Bare teaches identifying the network undesirable behavior that may cause network 
failures and (b) Bass teaches an improvement mechanism in the prevention of 
broadcast traffic in computer networks (Bass: Column 2 Line 6 - 8). 

8. Claims 21 and 40 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Bare (U.S. Patent 6389532), in view of Rodeheffer (U.S. Patent 5260945), and in 
view of Singh (Patent Number: 6453430). 

As per claim 21 and 40, Bare as modified teaches the time period becomes 
longer in a random exponential backoff before an attempt is made to allow resumption 
of the packets from any offending computer that originated the undesirable pattern of 
behavior, the time period becoming longer if the undesirable pattern of behavior 
reoccurs during a current backoff time, the time period becoming shorter if the 
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undesirable pattern of behavior disappears and does not reoccur in the current backoff 
time. 

However, Bare as modified does not disclose expressly the recovery time can be 
associated with an exponential recovery time interval. 

Singh teaches the recovery time can be associated with an exponential recovery 
time interval (Singh: see for example, Column 4 Line 40 - 47). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Singh within the system of Bare as 
modified because Singh teaches providing significant advancements in fault 
management for recovery / restart sequence in a real-time or mission critical 
environments such as data communication networking devices or applications (Singh: 
see for example, Column 2 Line 32 - 39). 

Accordingly, Bass as modified teaches the time period becomes longer in a 
random exponential backoff before an attempt is made to allow resumption of the 
packets from any offending computer that originated the undesirable pattern of 
behavior, the time period becoming longer if the undesirable pattern of behavior 
reoccurs during a current backoff time, the time period becoming shorter if the 
undesirable pattern of behavior disappears and does not reoccur in the current backoff 
time. 
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Conclusion 

THIS ACTION IS MADE FINAL Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 571-272-3788. 
The examiner can normally be reached on Monday-Friday 8:00am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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